Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I set up dovecot and all is well, but before I decide that I want to set something up outside of my network, are all passwords secure? should I only use new created users with no special permissions? I setup dovecot.conf with
auth = default
and in default {} the default value is md5-digest
but when I try to select that option with evolution I get this:"unable to connect to POP server $Server_Name: no support for requested authentication mechanism"and it will only work on evolution if I pick "password" for authentication. Just wondering, I guess if this sends passwords in plain text, or if it is encrypted and why I cant choose md5-digest option with evolution...maybe someone could help me here.
I use dovecot with Mozilla mail, thunderbird, and HORDE IMP and I use plain as opposed to MD5 authentication. This means that passwords are encrypted with the standard crypt algoritm instead of with MD5 -- try that, it might work. Also, either the password or the encrypted hash is going to be sent in the clear unles you're using POP3/IMAP over SSL -- have you set up dovecot to work with SSL?
I have tried plain it is the only way it works, but in evolution I pick password does it still get encrypted? and about ssl no i have considered that but dont know much about it...could you point me in the direction to learn about it, I would not like to buy stuff from verisign, but it still works with out getting authentictation certificate right?
How do I create public/private keys?
Is it really worth doing all that or does plain encrypt enough that I shouldn't have to worry 2 much about security?
Anyways if you could like I said point me in the right direction for doing this, that would be great, when you do though please keep in mind I know little to nothing about SSL.
I did read the documentation on dovecot though and mkcert.sh and i got the following error
error on line -1 of dovecot-openssl.cnf
6468:error:02001002:system library:fopen:No such file or directory:bss_file.c:104:fopen('dovecot-openssl.cnf','rb')
6468:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:107:
6468:error:0E064072:configuration file routines:CONF_load:no such file:conf_def.c:197:
also i am doing pop, server so in dovecot-openssl.cnf so i think i would have to change something there?
Last edited by lildrummerboy; 07-20-2004 at 03:55 PM.
I am not sure whether the password gets encrypted in Evolution or at the server, but it doesn't particularly matter since it can just be sniffed off the wire and replayed either way. If your e-mail users also have shell access you really ought to go in for SSL. You don't need to pay VeriSign anything. In the doc directory of the dovecot source there is a script called mkcert.sh. You should edit the dovecot-openssl.cnf file and then run that script -- it will walk you through creating a SSL certificate. Then just enable pop3s and/or ipmaps (secure POP3/IMAP) in dovecot.conf, point it to the certificate, and you're set -- it's actually fairly easy. You'll need to tell your clients to trust your self-signed certificate.
ok i havent tested it yet, but i believe it is working, I just want to make sure permissions for private key should be 600, read and writeable by root thats all and public key read by every1 and writable by root?
ahh its not working...I saw certificate, though it didn't look very neat looking as far as what the output it gave me in evolution was, then when it asked for password it took a long time then finially returned this:
Error while 'Fetching Mail':
Unable to connect to POP server 192.168.2.4.
Error sending password: Unknown error
when I do nmap port 995/tcp is open which is pop3s.
nvm it is working now, dont ask what i did wrong I am not quite sure, I redid keys and played around with it and somehow got it to work, still would like to know why wierd format of certificate though
Last edited by lildrummerboy; 07-20-2004 at 06:13 PM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.